Releases: CISOfy/lynis

Lynis 2.4.6

15 Mar 09:36

Lynis 2.4.6 (2017-03-15)

Changes:

  • Added FileInstalledByPackage function (dpkg and rpm supported)
  • Mark Arch Linux version as rolling release (instead of unknown)
  • Support for Manjaro Linux
  • Escape files when testing if they are readable
  • Code cleanups

Tests:

  • CRYP-7902 - Test more certificates names, but only if they are not part of a package
  • FILE-7524 - Reduce standard screen output for file permissions check
  • MALW-3280 - Added Avira detection as a malware scanner
  • NAME-4018 - Only perform name services test when resolv.conf file exists
  • PKGS-7387 - Check all repositories if they use GPG signing
  • SCHD-7704 - Permission checks
  • TIME-3104 - Check permissions before open files

Lynis 2.4.5

09 Mar 12:08

Lynis 2.4.5 (2017-03-09)

Changes:

  • Allow host alias to be specified in profile
  • Code readability enhancements
  • Solaris support has been improved

Tests:

  • AUTH-9328 - Add missing 0027 and 0077 umasks
  • BOOT-5104 - Add initsplash and minor code enhancements
  • DBS-1882 - Include Redis configuration file
  • FIRE-4502 - Improved detection for iptables modules when using OpenVZ
  • PKGS-7381 - Enhanced package audit for FreeBSD

Lynis 2.4.4

01 Mar 15:42

Lynis 2.4.4 (2017-03-01)

Changes:

  • Fix for upload function to be used from profile
  • Reduce screen output for mail section, unless --verbose is used
  • Code cleanups and removed 'update release' command

Tests:

  • AUTH-9308 - Improved test for sulogin string (Debian systems)
  • FILE-6372 - Properly deal with comment on lines in /etc/fstab
  • MAIL-8817 - New test to check Postfix configuration for errors
  • SSH-7408 - Corrected SSH check

Lynis 2.4.3

22 Feb 14:52

Lynis 2.4.3 (2017-02-22)

Changes:

  • Colored output can now be tuned with profile (colors=yes/no)
  • Allow data upload to be set as a profile option

Tests:

  • AUTH-9308 - Improved test for sulogin string
  • MAIL-8818 - Test if Linux version is known before comparing in Postfix banner
  • TIME-3116 - Skip stratum 16 items for time pools
  • TIME-3148 - New test to detect TZ variable

Lynis 2.4.2

15 Feb 13:15

Lynis 2.4.2 (2017-02-15)

Changes:

  • Properly detect SSH daemon version

Tests:

  • AUTH-9208 - Removed double logging
  • AUTH-9222 - Improve logging for double groups
  • AUTH-9226 - Improve logging for double groups
  • BOOT-5177 - Sort systemctl unit files to make them unique
  • DBS-1818 - New test to detect MongoDB
  • DBS-1820 - New test for MongoDB authentication
  • FIRE-4512 - Lowered minimum number of iptables firewall rules
  • FIRE-4586 - Fix applied when searching for "-j LOG"
  • HRDN-7222 - Changed reporting key of world executable compilers
  • SSH-7408 - Added filtering for PermitRootLogin (prohibit-password, OpenSSH 7.0)

Lynis 2.4.1

09 Feb 12:38

Lynis 2.4.1 (2017-02-09)

Changes:

  • Generic code improvements
  • Improved the update check and display
  • Finnish, Portuguese, and Turkish translation
  • Extended support and tests for DragonFlyBSD
  • Option to configure hostid and hostid2 in profile
  • Support for Trend Micro and Cylance (macOS)
  • Remove comments at end of nginx configuration
  • Used machine ID to create host ID when no SSH keys are available
  • Added detection of iptables-save to binaries

Tests:

  • FIRE-4586 - Check logging for firewall components
  • KRNL-5788 - Remove exception and style improvements
  • KRNL-5830 - Improved logging

Lynis 2.4.0

27 Oct 10:51

Lynis 2.4.0 (2016-10-27)

Exactly one month after the previous release, the Lynis project is proud to
announce a new release. This release focused specifically on improving support
for macOS users. Thanks to the testers and contributors for making this possible.

New:

  • New group "system integrity" added
  • Support for clamconf utility
  • Chinese translation (language=cn)
  • New command "upload-only" to upload just the data instead of a full audit
  • Enhanced support for macOS, including HostID2 generation for macOS
  • Support for CoreOS
  • Detection for pkg binary (FreeBSD)
  • New command: lynis show hostids (show host ID)
  • New command: lynis show environment (hardware, VM, or container type)
  • New command: lynis show os (show operating system details)

Changes:

  • Several new sysctl values have been added to the default profile
  • Existing tests have been enhanced to support macOS

Tests:

  • AUTH-9234 - Support for macOS user gathering
  • BOOT-5139 - Support for machine roles in LILO test
  • BOOT-5202 - Improve uptime detection for macOS and others
  • FIRE-4518 - Improve pf detection and mark as root-only test
  • FIRE-4530 - Don't show error on screen for missing IPFW sysctl key
  • FIRE-4534 - Check Little Snitch on macOS
  • INSE-8050 - Test for insecure services on macOS
  • MACF-6208 - Allow non-privileged execution and filter permission issues
  • MALW-3280 - Detection for Avast and Bitdefender daemon on macOS
  • NETW-3004 - Support for macOS
  • PKGS-7381 - Improve test for pkg audit on FreeBSD
  • TIME-3104 - Chrony support extended

Plugins (community and commercial):

  • PLGN-1430 - Gather installed software packages for macOS
  • PLGN-4602 - Support for Clam definition check on macOS

Lynis 2.3.4

27 Sep 11:14
Lynis 2.3.4 (2016-09-27)

Changes:

  • Skip update message when using the 'show' helper
  • Instead of opening the log file, you can now use 'lynis show details' followed
    by the test ID. It will show the relevant section.
  • Several tests have extended log details
  • Many style improvements as part of ongoing refactoring of the code
  • Detection of nftables improved
  • Replaced cut, sed, tr and other commands with binary variables (for forensics
    and future intrusion checking capabilities)
  • Swedish translation provided by Peter Carlsson
  • Support for arch-audit to scan for presence of vulnerable packages on Arch Linux
  • OS detection improved

Tests:

  • CONT-8107 - New test checking number of Docker containers
  • CRYP-7902 - Gather more details regarding certificates
  • DBS-1816 - Define skip reason
  • FILE-6344 - Adjusted /proc test for hidepid option
  • FILE-6362 - Removed warning and add skip reason
  • FIRE-4520 - Change test to use detected binary
  • FIRE-4520 - New test to check for empty nftables ruleset
  • KRNL-5820 - Corrected function and style improvements
  • LOGG-2146 - Textual change
  • NAME-4408 - Check localhost to IP mapping
  • PKGS-7320 - Test for arch-audit tool
  • PKGS-7322 - Check vulnerable packages on Arch Linux
  • PKGS-7381 - Extended vulnerable package detection for FreeBSD
  • TIME-3104 - timedatectl test now detects NTP synchronization properly

Lynis 2.3.3

23 Aug 08:53

Lynis 2.3.3 (2016-08-23)

Upgrade note

Customized profiles that included sysctl settings need to be altered. See
default.prf for the correct format of the lines.

Additions

  • OpenStack detection
  • Option to disable automatic refresh of software repository

Languages

  • Japanese translation added, contributed by Yukio Takahara

Fixes

  • Some tests did not show a warning text
  • Typo in man page for tests-from-group

Parameters

  • New --bin-dirs to define binary directories to scan
  • New option --root-dir to specify a different file system to scan

Nginx

  • Rewrite of configuration parsing

PHP

  • Support for PHP 5.6

Redis

  • Redis test to detect configuration files
  • Test Redis configuration for several best practices
  • Perform permission check on Redis configuration files

Experimental features (in development)

  • --bin-dirs - set what directories should be scanned for binaries
  • --root-dir - define the root of the file system, to allow forensics

Settings

  • Many settings have a new alias (with dashes instead of underscores)
  • New setting 'show-report-solution' to show solution in report

Functions

  • ExitFatal can now exit program with optional text
  • IsNotebook can detect if system is a notebook (or not)
  • ShowSymlinkPath and FileIsReadable test for at least one argument
  • StoreNginxSettings will save parsed nginx configuration

Tests

  • BOOT-5108 - Support for Syslinux bootloader
  • DBS-1882 - Redis configuration detection
  • DBS-1884 - Redis 'requirepass' check
  • DBS-1886 - Redis 'rename-command CONFIG' check
  • DBS-1888 - Redis 'bind localhost' check
  • FILE-6374 - Improved logging
  • KRNL-5830 - Improved logging for detected Linux kernels
  • KRNL-6000 - Support for multiple profiles and new format style
  • LOGG-2190 - Ignore MySQL files in /tmp from early MySQL 5.x releases
  • LOGG-2192 - New test to check opened log files that are empty

Lynis Enterprise integration

  • Tag 'redis-server' is added for systems running Redis

Lynis 2.3.2

09 Aug 14:53

Lynis 2.3.2 (2016-08-09)

Categories and Groups

Tests are now grouped by their focus area and named 'groups' accordingly.
Besides groups, each test will belong to a category (performance, privacy, or
security).

Commands: lynis show categories, lynis show groups
Options: --tests-from-category, --tests-from-group

Note: You might need to change your scripts if you previously defined the group
of tests to scan.

Development

A new 'strict' option is available in the profiles and by default enabled for
the initialization phases of Lynis. It will perform a strict code check for the
tests, to detect any uninitialized variables, improving code quality.

Helpers

With 'lynis update check' you can now check for updates. This is the preferred
new method.

The command 'lynis show changelog' allows reviewing the changes. Optionally a
release can be specified as additional argument.

Languages

The initial German translation has been contributed by Kai Raven, the Italian
translation by Stefano Marty (stefanomarty), and the Hungarian translation by
Zoltan Paldi (paldiz).

Profiles

Parsing of the profiles has been improved; the previous parsing prevented some
settings from overriding default settings.

Tests

  • AUTH-9212 - Added prerequisite to log
  • AUTH-9216 - Simplified test and make it more efficient
  • AUTH-9218 - Clean ups and improve readability
  • AUTH-9226 - Style, text, and removed warning
  • AUTH-9228 - Provide just a suggestion instead of warning
  • AUTH-9268 - Improve test for readability
  • AUTH-9328 - Test /etc/profile.d for umask setting
  • AUTH-9406 - Readability and code style changes
  • CONT-8102 - Determine if all Docker tests should be performed
  • DBS-1880 - Initial support for Redis server
  • HTTP-6720 - Readability improvement of test
  • KRNL-5830 - Readability and style improvements, ignore rescue images
  • MAIL-8818 - Style and refactoring
  • PHP-2211 - Readability improvement and code style changes
  • PHP-2374 - Changed text and cleanups
  • PHP-2376 - Log result to log file instead of report
  • PKGS-7383 - Simplified test
  • PKGS-7388 - Style and readability improvements
  • TIME-3106 - Corrected string to test for status
  • TOOL-5102 - Split of fail2ban tests
  • TOOL-5104 - Test for enabled fail2ban jails

Languages

Translation of Spanish (es) added
Proper display of text strings when accented characters are used
More text strings added

General

  • Added bold and header as new colors
  • Changed header and footer of screen output
  • Allow atomic tests to be skipped (e.g. SSH-7408)
  • Extended tests database with category (lynis show tests)
  • By default Lynis will now run in 'quick mode' and not break after each
    section. You can get the break after each section by adding the --wait
    option.

Functions

  • RemoveColors - New test to clear colors
  • DisplayError - Display error on screen in uniform format and colors
    Use an optional exit code to quit the program
  • SkipAtomicTest - This function is now properly working with lowercase strings

Website

Several controls on the website are added or updated, including:

  • FILE-6344
  • FINT-4315
  • FINT-4402
  • HTTP-6714
  • MACF-6234
  • NAME-4018
  • NAME-4402
  • PHP-2374
  • PROC-3612
  • TIME-3106